Project

sorcery-jwt

0.02
Low commit activity in last 3 years
No release in over a year
sorcery-jwthayfever/sorcery-jwtHomepageDocumentationSource CodeBug TrackerWiki
Jwt extension for the Sorcery authentication library
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
53,375
Stars
19
Forks
11
Watchers
2
 Releases
Current version
0.1.13
Total releases
13
First release
2018-10-27
Latest release
2022-02-02
 Issues
Open Issues
1
Closed Issues
5
Total Issues
6
Issue Closure Rate
83%
 Pull Requests
Open Pull Requests
1
Closed Pull Requests
5
Merged Pull Requests
8
Pull Request Acceptance Rate
57%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2020-04-02
Reverse Dependencies
0

 Dependencies

Development

pry
~> 0.10.0
rake
~> 13.0
rspec
~> 3.0
bundler
>= 2.1.0

Runtime

jwt
>= 1.0, < 3.0
sorcery
>= 0.13, < 0.17
 Project Readme

Sorcery::Jwt

Jwt extension for the Sorcery authentication library

NOTE: Sorcery v1 is being developed and JWT is being implemented as a core plugin. See Sorcery/sorcery-rework#9 for more.

Installation

Add this line to your application's Gemfile:

gem 'sorcery-jwt'

And then execute:

$ bundle

Or install it yourself as:

$ gem install sorcery-jwt

Usage

First, include the :jwt submodule in your list of configured Sorcery submodules:

Rails.application.config.sorcery.submodules = [:jwt, ...]

Next, in the Sorcery user_config, set the secret and algorithm that will be used to sign your tokens. You can also set length of time in seconds that the token will be valid for. Note that this is configured separately from the :session_timeout submodule.

Rails.application.config.sorcery.configure do |config|
  # ...
  config.user_config do |user|
    # ...
    user.jwt_secret = Rails.application.secrets.secret_key_base
    user.jwt_algorithm = "HS256" # HS256 is used by default.
    user.session_expiry = 60 * 60 * 24 * 7 * 2 # 2 weeks is used by default.
  end
end

Available algorithms are listed at https://github.com/jwt/ruby-jwt.

You're now ready to start using the library. By including the submodule, each request will check for an authorization header with a JWT as the value. If the JWT is valid, it will set the current_user in the controller to the matching user. It is up to you to handle what happens when a token is invalid or JWTs need to be revoked. Some ideas here: http://waiting-for-dev.github.io/blog/2017/01/24/jwt_revocation_strategies.

To login a user and issue a token, use the login_and_issue_token method from a controller. This method takes the same email and password arguments that the Sorcery authenticate method does.

Example:

def login
  token = login_and_issue_token(params[:email], params[:password])

  render json: {
    user: serialize(current_user),
    token: token
  }
end

By using login_and_issue_token with valid credentials, you're also setting current_user in your controller.

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/hayfever/sorcery-jwt. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

License

The gem is available as open source under the terms of the MIT License.

Code of Conduct

Everyone interacting in the Sorcery::Jwt project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.